From: fnerd@smds.com (FutureNerd Steve Witham)
To: cypherpunks@toad.com
Message Hash: 8d61d430cb32c8af834a7808e61b3aa654bbdc1bf772a2bff74b3ef8db60fbc7
Message ID: <9301261617.AB12479@smds.com>
Reply To: N/A
UTC Datetime: 1993-01-26 16:59:23 UTC
Raw Date: Tue, 26 Jan 93 08:59:23 PST
From: fnerd@smds.com (FutureNerd Steve Witham)
Date: Tue, 26 Jan 93 08:59:23 PST
To: cypherpunks@toad.com
Subject: Hash Cash and Ripped Checks
Message-ID: <9301261617.AB12479@smds.com>
MIME-Version: 1.0
Content-Type: text/plain
Here's a form of digital cash and checks that takes off from Tim May's
and Hal's ideas, and might have advantages, but uses crypto. I find it
easier to understand than Chaum's method (but maybe the complexity
vs. benefits make it the worst of all possible worlds...lemme know).
Consider:
This message can be exchanged for $x at Fred's Bank
by the first person to present it along with a message whose
MD5 hash is: h
(Serial number: n)
Digitally Signed,
Fred's Bank
Think of this as the right half of a $x bill that's been ripped in half.
The hash is the shape of the rip. The bill is valid if you're the first
one with both matching halves. The left half is blank (a random message
that hashes to h).
TO VERIFY: take a new piece of paper, rip it in half (generate a random
number, take its hash). Send both halves of the old bill, plus the right
half of the piece of paper (the new hash), to the bank. The bank either
says the old bill was spent*, or sends back the right half with the same
amount and their signature. Now only you have the whole new bill.
CHECKS: ask the payee to give you a blank right half. Pay the bank to fill
it in. The payee can verify that it's good without taking it to the bank.
STAMPS/TOKENS/GIFT CERTIFICATES: The payee gives you a pack of right
halves. You turn them to checks later. They might include a serial
number with each one and ask you to give it back with the check so they
can look up (or regenerate!) the left halves easily. They might even
insist that you use the hash/serial # pairs in sequence! (Or is crypto-
strong hashing of serial numbers too much to ask?)
There are even more compromises of anonymity here than with Tim and Hal's
ideas--I assume some compensation with remailers, as Hal suggested.
I was thinking you could launder money by buying checks from Bank B
with checks to Bank B that are drawn on Bank A, etc.
A similar form would be something that said:
This message can be exchanged for $x at Fred's Bank
by the first person to present it
signed with the private key that matches this public key: k
(Serial number: n)
(pad)
Digitally Signed,
Fred's Bank
This would let you buy checks to random strangers without having to
transact anything with them first, but it's sure obvious who the check
is to.
*Maybe you'd send the right half, then the bank would either
prove that it already had the left half, or you'd proceed as above.
-fnerd
quote me
fnerd@smds.com (FutureNerd Steve Witham)
Return to January 1993
Return to “fnerd@smds.com (FutureNerd Steve Witham)”
1993-01-26 (Tue, 26 Jan 93 08:59:23 PST) - Hash Cash and Ripped Checks - fnerd@smds.com (FutureNerd Steve Witham)